Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2018-19797
Good to know:
Date: December 3, 2018
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Language: JS
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476Top Fix
Upgrade Version
Upgrade to version cloudscribe.templates - 5.2.0;greenpeace/planet4-child-theme-storytelling - v0.12;greenpeace/planet4-child-theme-storytelling - dev-old-ui;greenpeace/planet4-child-theme-storytelling - v0.9.7;doublesecretagency/craft-spoon - 3.2.5;basic-builder/easybuilder-bundle - v0.0.3;seidemann-web/wave-theme - dev-fixUpLanguageConstants;seidemann-web/wave-theme - dev-omage-theme;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;narirock/marrs-catalog - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;angellco/spoon - 3.2.5;GR.PageRender.Razor - 1.8.0;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.56;PWPTemplateCMS - no_fix;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2;flexxia/flexprimeng - dev-update-angularjs;files.com/files-php-sdk - v1.0.7;islandora/islandora_starter_theme - dev-main;islandora/islandora_starter_theme - dev-don_patch;islandora/islandora_starter_theme - dev-bd-d9-update;tombeachell/forza-magento - no_fix;i-saad-salman/statamic-analytics - no_fix;saphyr-solutions/saphyr-web-generator - no_fix;saphyr-solutions/saphyr-web-generator - 1.0.x-dev;saphyr-solutions/saphyr-web-generator - dev-ppe;zymawy/ironside-core - dev-utils;anupsathya/umd_bootstrap_sass - no_fix;gheb/nn - dev-master;OctoWeb01 - no_fix;OctoWeb - no_fix;islandora/islandora_base_theme - dev-bd-d9-updates;islandora/islandora_base_theme - dev-thumbnail-speed-patch;islandora/islandora_base_theme - no_fix;oburatongoi/productivity - 0.0.13;oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.1;platformatory/opendevx - no_fix;miljoen/nova-autofill - no_fix;miljoen/nova-autofill - v1.0.0;scancode/portal-module - v1.0.12;scancode/portal-module - dev-dependabot/npm_and_yarn/Resources/assets/coreui/decode-uri-component-0.2.2;scancode/portal-module - dev-dependabot/npm_and_yarn/Resources/assets/coreui/path-parse-1.0.7;rjzaar/opencourse - no_fix;rjzaar/opencourse - dev-julprod;mmi/mmi-cms - 2.3.1;pwptemplatepusintek - no_fix;yivic/yivic-elce - no_fix;archambaultalex/image-field - no_fix;vesperphp/project - no_fix;oxid-esales/wave-theme - dev-oxscript-google-analytics;node-sass - no_fix;node-sass - no_fix;acquia/acquia_cms - 2020-11-17;acquia/acquia_cms - 2020-10-11;acquia/acquia_cms - 2020-11-05;dnaklik/dna-exchange-bundle - no_fix;stephane888/generate_style_theme - 1.0.1;MIDIator.WebClient - 1.0.105;ViewPacker - 1.0.18;Fable.Template.Elmish.React - 0.1.6;trezebits/trezevel-gallery - no_fix;ilhanet/erpnet-widget-resource - no_fix;kraenkvisuell/nova-cms-media - v1.0.3;kraenkvisuell/nova-cms-media - no_fix;kraenkvisuell/nova-cms-media - v1.2.2;org.webjars.npm:node-sass:no_fix;org.webjars.npm:bourbon-neat:2.1.0
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | LOW |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | MEDIUM |
| Authentication (AU): | NONE |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | PARTIAL |
| Additional information: |